On Thursday 9th November, 2017, stakeholders gathered at global law firm Baker McKenzie to discuss issues raised by PSD2’s pending arrival. The implementation of this new regulatory framework brings about major changes in the European industry. Naturally, insiders’ standpoints on the new regulation differ as the lack of certainty casts a veil of doubt on the awaited repercussions.
During this roundtable, parties directly involved with the European directive covered, from their respective point of view, PSD2’s political aspects, its challengers’ concerns, as well as the sensible question of data privacy.
Political issue: the case of the Netherlands
The Netherlands, together with Belgium, is the only European country to officially anticipate a delay in the implementation of the directives. Martin Schorel (founder, WTSS), who introduced the matter, underlined the debate surrounding the data privacy issu es eventually paralysing the process. A debate witnessed by Holland FinTech’s representative when he spoke in the name of our organization a week later at the Parliament; to turn the issue away from data privacy matter towards other concerns is a thorny task. Indeed, the issue should be approached from a broader digital standpoint, not solely within the context of financial regulations, if one is to avoid entering a regulatory dead-end.
As a result, the directive is still waiting to be validated by the Second Chamber. The date for PSD’s implementation is set for June 2018, a six months delay compared to the explicit plans of other European countries. Admittedly, the directive is expected to be effective later than January in most member states, due to a lack of infrastructure and scarce information.
Despite this hindrance, some parties around the table indicated that payment service providers could circumvent this delay while still working in compliance with the directives. As Anupam Majumdar (Accenture) noted:
“The delay from the Dutch regulators to incorporate PSD2 in the national legislation is unlikely to stymie the growth of innovation in Netherlands. Market competition led by new entrants and challenger banks from other geographies will in all likelihood target Dutch consumers. Therefore, incumbent banks who are clear on an open banking strategy and have already been progressing in this direction will spur further innovation in the Dutch economy.”
A similar thought was extended by Martin Schorel when he observed that many incumbent banks already have PSD2-compliant APIs market-ready. Rabobank, represented this day by its Program Manager PSD2, Michal Kalina, confirmed the launch of its own PSD2-compliant APIs in January. Rabobank is not the only one to do so. For that matter, it is interesting to note that the use of APIs as a medium to apply PSD2 is not formally stated by the texts, but rather stems from a consensus between parties in the market.
This raises the question of whether companies should follow strict compliancy or be open to more strategic solutions. Canada’s example was cited as an eventual model to follow, the country having embraced a flexible approach to the matter. In any case, bank representatives displayed a certain annoyance towards this delay, as Flip Tonkens (ING) remarked. To palliate this postponement, ING is experimenting with a compliancy project abroad, where the directive will be sooner implemented. Th eir stance supports Accenture’s position on the matter.
According to Marc van der Maarel (Betaalvereniging), the reasons behind this delay remain mainly political, and private banks have no interest in prolonging the process. Van der Maarel observed that Dutch banks are contributing to the provision of safe and reliable solutions within a trade-off between security and opening.
New entrants preoccupied
The question of entry barriers to financial markets was a concern for the third parties represented around the table. PSD2 is certainly a game-changer, but the facility with which new entrants will access the PSD2-shaped market is still unclear.
For some, new entrants will have a hard time obtaining DNB licenses, at least until 2019. That was Robert Bueninck’s (Klarna) opinion, which was also shared by Adri Odding (MyMoneyManager), who stated, “it is a pity to hear that the DNB is not waiting for new companies (TPP’s) asking for licences about AISP or PISP.”
Odding agreed with payment company Acapture in regards to the cost and difficulty encountered by new entrants, and underlined the opposition between DNB’s approach to the new directives and the European Central Bank’s philosophy on innovation and competition. According to him, “all kinds of thresholds are created to make it difficult for starting up,” even if some positive developments are seen between incumbents and start-ups.
Among these difficulties is the lack of regulatory body indexing licensed TPPs or providing technical certification, as no infrastructure is expected to be set up yet. Within the scope of data protection, Corinne Schot (Baker MacKenzie) pointed out that new players could hardly enter the market because of incumbents’ protective behaviour, underlining banks’ monopoly on innovation. This is a situation that PSD2 should disrupt, as Klarna’s General Manager BNL noted. The essence of the discussion could hence be reduced to whether incumbents should keep the monopoly on innovation – and security.
The PSD2 could thus in fine open competition. Nonetheless, for some participants, such as Loek Bosman (Acapture), it could also make it tough for existing players to stay on the market, and organisations could face difficulties continuing their activities with the same business models, leaving them with the choice between having to adapt or leave the market. Such adaptation has to go through licenses, which access would have to be made clear to new players in order to allow a frictionless competitive environment. Even then, the delay will disturb newcomers, as the DNB would have to wait for PSD2 to be implemented to be able to provide licenses. Loek Bosman, product manager for e-commerce at Acapture, commented on the roundtable and his company’s approach to the regulatory changes:
“Great talks with market makers and innovators on the possible PSD2 scenarios! We’re all curious about the end impact of the regulation; will it create openness and more choices for consumers, or rather restrict their preferences in regards to making online payments? We, at Acapture, work with our clients and merchants to thoroughly prepare before the actual regulation is implemented, so that they eliminate payments complexities, save money and time, and become PSD2-compliant. It’s important for the online marketplaces to stay focused on their core business and not be overwhelmed with the implications of PSD2.”
Bosman’s advice to businesses is in line with statements by regulators, who recommend that businesses focus on best practices rather than being too worried by the details of PSD2.
The consumer’s stance: data protection
Regarding data privacy responsibility, PSD2 appears to be rather confusing for the involved parties. From the moment a third party gets access to consumers’ data, the responsibility to respect users’ privacy becomes shared. Hence the confusion, as without clear definition of the responsibility’s boundaries, stakeholders may lose their sense of accountabili ty. Thus banks are not going to be the only guardian of financial data, and the surveillance and control of this it might get weakened in this extended chain:
“PSD2 is very big in our [the attendees of the round table session] heads for already quite some time. But the average Dutch consumer is only just waking up and might ask himself what is going on with the privacy of its payment data. Clear, comprehensive and objective information is needed to inform them what PSD2 is all about, and that it is simply not true that consumers’ privacy with regard to their payment behaviour is profaned. Explicit consent of the consumer is key, but the consumer should become more aware what his explicit conse nt actually means. In that perspective, the current societal debate regarding privacy and PSD2 (and its relation to the GDPR) is helpful to improve consumers’ awareness on this matter.” – Marc van der Maarel from Betaalvereniging
In addition to such inputs, participants agreed that the debate on open data has been conveyed in a somewhat biased way in the media, creating a deformed public vision of open financial data. Consumers’ opinions on the directive iare either non-existent or mitigated, and banks are not putting a sincere effort into marketing the changes to come.
Clarity is the main issue
The expected delay was quite relativized during this roundtable, and it became clear that lack of clarity was a major reason for the delay. That the PSD2 is to be postponed is perhaps an annoyance and disadvantage for the country, but it certainly needs to balanced by a clear stance from financial authorities and stakeholders.
In any case, it was made clear that open banking will go ahead despite the regulatory delay. As for the actual application of the directive, it will require a step-by-step process, and will take on its full potential over a certain period of time.By Jean Leguy, Research Coordinator at Holland FinTech]]>